Letsencrypt/certbot fails when proxying with Apache ProxyPass

I had an issue on Directadmin server where client had nodejs application for which apache had to proxy on port 3001. Becouse of this, letsencrypt was not able to reach .well-known/acme-challenge/ and certificate registration/renewal failed. Solution is simple, you have to exclude proxy when requesting .well-known/acme-challenge/.

This was error whent trying to check .well-known/acme-challenge:

$ curl http://mydomain.com/.well-known/acme-challenge/test.txt 
{"errors":[{"message":"Route /.well-known/test.txt doesn't exist.","extensions":{"code":"ROUTE_NOT_FOUND"}}]}%

So I added “ProxyPass !” directive just before where I create proxy directive to port 3001. Like so:

. . .
<Location /.well-known/acme-challenge>
     ProxyPass !
</Location>

<Location />
     Require all granted
     ProxyPass http://127.0.0.1:3000/
     ProxyPassReverse http://127.0.0.1:3000/
</Location>
. . . 

Then I was able tu make request to .well-known/acme-challenge sucsessfully:

> $ curl http://mydomain.com/.well-known/acme-challenge/test.txt 
It works!

I hope this helps! 🙂

Multidomain webroot for Letsencrypt with NGINX

If you have web server on which there is a lot of virtual hosts, you may want to have one webroot directory for Letsencrypt SSL certificates only. So when Letsencrypt will make the requests for SSL registration or renewal, it will look in this directory. In this case I did this on CentOS 7 with NGINX web server.

First, let’s create directory what will be used for letsencrypt purposes. It must be writable by your web server user. You can define different path.

[root@machine ~]# mkdir -p /var/www/le-certs
[root@machine ~]# chown -R wwwuser:wwwgroup /var/www/le-certs

Letsencrypt will need access in “.well-known/acme-challenge”. For NGINX add something like this in your server block for desired virtual host.

location ~ /.well-known/acme-challenge/ {
             root /var/www/le-certs/;
             break;
}

You can also create new file named, for example le-config.conf and add block above in to it. Then you can simply include this line in your virtual hosts. 

server {
             listen :443 ssl http2;
             server_name mywebsite.com www.mywebsite.com;
             root /var/www/mywebsite/;

             include le-config.conf;
              ...
}

 

 

© 2024 geegkytuts.net
Hosted by SIEL


About author